The FTC—in its December 2010 online privacy report and testimony before Congress—discussed the need for a browser-based “Do Not Track” mechanism to give consumers greater control over behavioral advertising. Under the “Do Not Track Me Online Act of 2011” (H.R. 654)—introduced by Rep. Speier (D-CA) on February 11—the FTC will have 18 months to establish regulations for an online opt-out mechanism. The opt-out mechanism must “allow a consumer to effectively and easily prohibit the collection or use of any covered information and to require a covered entity to respect the choice of such consumer to opt-out of such collection or use.”
The new regulations will apply to any person engaged in interstate commerce that stores or collects any of the following online data regarding an individual: (1) online activity, including web sites visited and time of access; (2) IP address; and (3) personal information, including name, e-mail address, phone number, or financial account information. Covered entities would have to disclose their collection and sharing practices, including identifying by name who they share information with. The bill would allow the FTC to exempt commonly accepted commercial practices like the collection of information for billing purposes.
Failure to comply with the new regulations would constitute an unfair or deceptive trade practice. In addition to the FTC, state attorneys general would have the authority to bring a civil action to enforce violations of the new Do Not Track regulations. Civil penalties would be calculated by multiplying the number of days a covered entity was not in compliance by an amount up to $11,000 per day, up to a maximum total liability of $5,000,000.
Speier also introduced the “Financial Information Privacy Act of 2011” on February 11. According to her press release:
“The Financial Information Privacy Act of 2011 would finally give consumers the ability to control the sharing of their own financial information. The bill mirrors legislation Speier successfully steered to passage in California that prevents financial institutions from sharing or selling personally identifiable nonpublic information with affiliates without an opportunity to opt-out, or in the case of unaffiliated third parties, a requirement that consumers opt-in. This bill gives consumers control of their personal financial information and provides meaningful but workable privacy protection.”
